🕝︎ - 2024-05-05
A little over a month ago my DNS servers for
asjo.org were getting a lot of traffic - I never
figured out why, but it was enough to bring my home router to its
knees.
The same thing happened today - I noticed because my jukebox kept
rebooting, because it couldn't ping the router and assumed that it
itself had fallen off the network.
But it hadn't, the router was just swamped and not answering:
The cause seems to be the same as he last time, one IP address located
in China sending an eccessive amount of udp DNS requests for
asjo.org. Litteraly 998/1000 packets were that.
Looking at the two other DNS servers clearly shows that they were
being hit as well:
On this one you can see the outgoing graph plunging after I added an
iptables rule to DROP packets coming from the offending IP-address, no
more answers for you:
I couldn't get to the firewall interface in the router as it was too
overloaded - so I had to reboot it, and then I was able to add this
second IP-address to my "Drop DNS flood"-rule, and then smokeping
started looking much better:
I still have no idea what the reason for these low-key DoS attacks
are.
🕧︎ - 2024-04-28
When working in a terminal emulator the command clear is nice to
declutter and still allow scrolling back through old output, and
reset is nice to also get rid of the scrollback - eg if you are
debugging and don't want to accidentally be confused by old output.
There's one annoying thing though, while clear is almost instant,
reset takes a second. Ugh.
From a fediverse post I learned that
tput reset does the same thing only without the delay! So I quickly
made a symlink from ~/bin/reset pointing to /usr/bin/tput and now
reset is instant - at least in Sakura.
The latest release of ncurses was yesterday, and the release announcement has this paragraph:
tput and tset
+ add "-v" option to tput, to show warnings
+ modify reset command to avoid altering clocal if the terminal
uses a modem
+ modify reset feature to avoid 1-second sleep if running in a
pseudo-terminal
I don't quite understand it, as tput is fast for me, but let's see
when ncurses 6.5 rolls into the various operating systems.
🕥︎ - 2024-04-23
If you're good a Linux and want to work in a research organisation in
an environment where you're expected to look after racks of servers,
from making sure the right ones are there with the right components,
to keeping the operating system (Ubuntu) updated, the virtual machines
spinning (Proxmox), the distributed network storage in top shape
(Ceph), and the tape robot fed, here is a job ad for you to check out:
· Devops Engineer, Lyngby, Denmark
You'll be expected to analyze trends (Grafana) and catch problems
before they get out of hand, learn from your mistakes and document
them via improved monitoring (Nagios), and to respond to the whims of
researchers changing focus. A bunch of responsibility and the freedom
to find a good solution - and some opinionated colleagues to discuss
it with as well.
🕤︎ - 2024-04-15
Today I counted the number of NNTP-servers I have implemented for different purposes over the years.
I wonder if I qualify for Guinness book of records - I have implemented 5 different NNTP-servers:
- d-a-d.com discussion forum (Perl)
- Feedbase - RSS/Atom reader (Perl)
- Lantern - blog engine (Haskell)
- olduse.net - nntp time travel (Haskell)
- Illuminant - ActivityPub server (Haskell)
Some years before implementing Illuminant I also sketched up an NNTP-based microblogging system, which hasn't been implemented (yet?)
🕚︎ - 2024-03-31
Yesterday evening my home router started acting up. Instead of ping
showing a latency of a couple of ms it went up to hundreds, and on top
of that it started dropping 40-80% of the packets.
I tried turning it off and on again, wildly guessing that my ISP maybe
had done some kind of upgrade or something.
It started up nicely, but then bogged down again. After a while I
looked at the smokeping graph, which confirmed that something was
wrong:
I noticed that on my three DNS servers, one behind this router and two
on VPS's, named was in the top of the CPU usage list. Hm.
ngrep'ing traffic on port 53 revealed a single IP doing a lot of
requests for asjo.org. As in thousands.
I even got a warning from one of the VPS hosters telling me about the
sudden spike in outbound traffic.
I started dropping the packets from that IP on the servers, and in the
router, the outbound traffic disappeared, and my router no longer
suffered. Yay!
It seems like a weird low-key DoS attack, but it's kind of hard to
understand. It's not that disruptive - luckily - and it seems to come
from one IP-address only.
Well, almost. After I started dropping all packets from that IP,
another one showed up as excessively active, so I started dropping
packet from that one as well. Almost as soon as I did, the barrage
from this second IP stopped completely.
The first IP, however, is still sending UDP packets at some 1-2 MBps
to each VPS, here more than 24 hours later. Go figure.
I know that various people mistake my domain asjo.org for something
else from time to time (when I had a Twitter account @asjo that also
happened quite a bit), but what this IP-address - apparently somewhere
in central China - has against my DNS servers, I can't tell. It's odd.
🕥︎ - 2024-03-29
Tried to watch Atomic Blonde tonight, as it is available on Danish National Television - I bailed after 30 odd minutes; it wasn't for me.
🕥︎ - 2024-03-12
I have mentioned The Unix Heritage Society mailing list before - fun stuff comes by on it from time to time.
Today Douglas McIlroy replied to a thread about the early Unix rand() routine and who had written a funny note in the documentation, recalling an early story of password breaking:
When Ken pioneered password cracking by trying every word in word lists at hand, one of the password files he found plenty of hits in came from Berkeley. He told them and they responded by assigning random passwords to everybody. That was a memorable error. Guessing that the passwords were generated by a simple encoding of the output of rand, Ken promptly broke 100% of the newly "hardened" password file.
Ken Thompson replied:
i wrote the generator.
dmr or rhm wrote the comment.
Today
Orson Welles (109).
Tony Blair (71).
Martin Eisig (49).
2024-05-14
The wedding of Mary Donaldson and Prince Frederik of Denmark (20).
2024-05-18
Per Rossing (62).
Andita dwi Meirna (47).
Riot in Copenhagen; Police shoots directly at people; 11 wounded (31).
Stig Pedersen (59).
Walther Frederiksen (104).
2024-05-19
Flemming Quist Møller (82).
libera.chat (3).
2024-05-23
Carl von Linné (317).
Bonnie and Clyde killed (90).
2024-05-24
Gabriel Daniel Fahrenheit (338).
Queen Victoria (205).
Bob Dylan (83).
2024-05-28
John Berchtold (41).
Mathias Rust lands on the Red Square (37).
